binder_parcel_fuzzer: add markSensitive coverage
Small change to improve fuzzing coverage on Parcel.
Bug: 369404061
Test: binder_parcel_fuzzer
Change-Id: I4acabf22dc4e7d2ad0b416f2dd02d8e04b1e5736
diff --git a/libs/binder/tests/parcel_fuzzer/binder.cpp b/libs/binder/tests/parcel_fuzzer/binder.cpp
index 07f0143..401c274 100644
--- a/libs/binder/tests/parcel_fuzzer/binder.cpp
+++ b/libs/binder/tests/parcel_fuzzer/binder.cpp
@@ -121,6 +121,11 @@
PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders),
PARCEL_READ_NO_STATUS(std::vector<int>, debugReadAllFileDescriptors),
+ [] (const ::android::Parcel& p, FuzzedDataProvider&) {
+ FUZZ_LOG() << "about to markSensitive";
+ p.markSensitive();
+ FUZZ_LOG() << "markSensitive done";
+ },
[] (const ::android::Parcel& p, FuzzedDataProvider& provider) {
std::string interface = provider.ConsumeRandomLengthString();
FUZZ_LOG() << "about to enforceInterface: " << interface;
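Review bot: The new entry that calls `p.markSensitive()` changes the parcel's state, while the neighbouring entries visible here are reads, and nothing on it explains why it sits in this table. A one-line comment above the lambda would help, for example `// not a read: flags the Parcel as sensitive so every later entry and the final free run with that flag set`. The table starts and ends outside this hunk, so I cannot tell whether other entries already mutate the parcel.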
diff --git a/libs/binder/tests/parcel_fuzzer/random_parcel.cpp b/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
index dfd178a..61b9612 100644
--- a/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
+++ b/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
@@ -40,6 +40,13 @@
const uint8_t fuzzerParcelOptions = provider.ConsumeIntegral<uint8_t>();
const bool resultShouldBeView = fuzzerParcelOptions & 1;
const bool resultShouldBeRpc = fuzzerParcelOptions & 2;
+ const bool resultShouldMarkSensitive = fuzzerParcelOptions & 4;
+
+ auto sensitivity_guard = binder::impl::make_scope_guard([&]() {
+ if (resultShouldMarkSensitive) {
+ outputParcel->markSensitive();
+ }
+ });
Parcel* p;
if (resultShouldBeView) {
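Review bot: `sensitivity_guard` calls `outputParcel->markSensitive()` only at scope exit, so in the non-view case (`p = outputParcel`) the whole fill runs on a parcel that is not yet marked. If the aim includes writing into and growing a sensitive parcel, where stale data left in a released buffer is what matters, that path is not reached by this option. Consider also marking up front when the output is filled directly, e.g. `if (resultShouldMarkSensitive && !resultShouldBeView) outputParcel->markSensitive();`, assuming a second call from the guard is harmless. The function body starts and ends outside the hunk, so whether anything during the fill depends on the parcel being unmarked cannot be seen here.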
@@ -49,6 +56,9 @@
} else {
p = outputParcel; // directly fill out the output Parcel
}
+
+ // must be last guard, so outputParcel gets setup as view before
+ // other guards
auto viewify_guard = binder::impl::make_scope_guard([&]() {
if (resultShouldBeView) {
outputParcel->makeDangerousViewOf(p);
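Review bot: The added comment says "must be last guard" but leaves out the mechanism it relies on: scope guards run in reverse declaration order, so the last one declared runs first. Stating that would stop a later edit from adding another guard below `viewify_guard` or moving `sensitivity_guard` after it. A possible wording is `// Declare this guard last: guards run in reverse declaration order, and outputParcel must become a view of p before sensitivity_guard marks it.` The lambda body continues past the end of the hunk.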